UK’s Cyber Security Agency Warns Organizations to Patch Critical RCE Bug

essidsolutions

The U.K.’s National Cyber Security Centre (NCSC) has issued a warning that nation-state hackers are actively exploiting a critical remote code execution (RCE) bug in MobileIron’s mobile device management (MDM) system. Some of the sectors in the U.K. that have been targeted are healthcare, local government, and logistics.

The United Kingdom’s National Cyber Security Centre (NCSC) issued an advisory last week urging organizations to patch a critical remote code execution (RCE) vulnerability in MobileIron’s mobile device management systems. The vulnerability, tracked as CVE-2020-15505, “is a target for APT nation state groups and cyber criminals to compromise the networks of U.K. organisations,” the advisory says.

NCSC says the flaw is being actively exploited to target healthcare, local government, logistics, and legal sectors.

CVE-2020-15505 was discovered in March by Orange Tsai and was disclosed to MobileIron. The patch for the bug was released in June, with a proof of concept (PoC) of the exploit becoming available in September. A month later, CVE-2020-15505 was included in the NSA’s top 25 vulnerabilities under active exploitation by Chinese hackers.

Since the PoC’s public availability, “both hostile state actors and cybercriminals have attempted to exploit this vulnerability in the U.K.,” the NCSC noted.

CVE-2020-15505 carries a severity rating of 9.8 out of 10, and exploiting it can lead to unauthenticated arbitrary code execution in MobileIron’s mobile device management (MDM) system.

MDM systems are used by system administrators to centrally manage an organization’s mobile devices used by end-users.

According to the U.S. Cybersecurity and Infrastructure Security Agency (CISA), “this vulnerability allows an external attacker, with no privileges, to execute code of their choice on the vulnerable system. As mobile device management (MDM) systems are critical to configuration management for external devices, they are usually highly permissioned and make a valuable target for threat actors.”

In October, CISA revealed that malicious actors have been exploiting CVE-2020-15505 in combination with the severe Zerologon bug (CVE-2020-1472) in Windows.

CVE-2020-15505 is present across the MobileIron Core and MobileIron Connector components of MDM and affects the following versions:

  • Core and Connector versions 10.3.0.3 and earlier as well as 10.4.0.0, 10.4.0.1, 10.4.0.2, 10.4.0.3, 10.5.1.0, 10.5.2.0 and 10.6.0.0 
  • MobileIron Sentry versions 9.7.2 and earlier, and 9.8.0
  • Monitor and Reporting Database (RDB) version 2.0.0.1 and earlier

The NCSC is urging all affected organizations to update the systems immediately. 
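To triage an asset inventory against the version list above, a check along the following lines can be used. This is an added example, not code from NCSC, CISA or MobileIron; the component keys, hostnames and inventory rows are constructed, and it assumes that a short version such as `9.7` means `9.7.0.0`. A `not-listed` result only means the version is absent from the list in this article, not that it is confirmed fixed.

```python
import re

# Affected versions as listed in the article: "max" means that version and
# everything earlier; "exact" are the individually named releases.
_CORE = {"max": "10.3.0.3",
         "exact": ["10.4.0.0", "10.4.0.1", "10.4.0.2", "10.4.0.3",
                   "10.5.1.0", "10.5.2.0", "10.6.0.0"]}
AFFECTED = {  # component keys are hypothetical inventory labels
    "core": _CORE,
    "connector": _CORE,
    "sentry": {"max": "9.7.2", "exact": ["9.8.0"]},
    "rdb": {"max": "2.0.0.1", "exact": []},
}

def parse_version(text, width=4):
    """Turn '10.4.0.1' into (10, 4, 0, 1); pad short versions with zeros (assumption)."""
    text = text.strip()
    if not re.fullmatch(r"\d+(\.\d+){0,%d}" % (width - 1), text):
        raise ValueError(f"unparseable version: {text!r}")
    parts = [int(p) for p in text.split(".")]
    return tuple(parts + [0] * (width - len(parts)))

def check(component, version):
    """Return 'affected', 'not-listed', or 'unknown' (needs manual review)."""
    rule = AFFECTED.get(component.strip().lower())
    if rule is None:
        return "unknown"          # component not covered by the article's list
    try:
        v = parse_version(version)
    except ValueError:
        return "unknown"          # never treat an unparseable version as safe
    if v <= parse_version(rule["max"]):
        return "affected"
    if v in {parse_version(e) for e in rule["exact"]}:
        return "affected"
    return "not-listed"

def audit(inventory):
    """inventory: iterable of (host, component, version) tuples."""
    return [(host, comp, ver, check(comp, ver)) for host, comp, ver in inventory]

# Constructed sample inventory; hostnames and versions are illustrative only.
SAMPLE_INVENTORY = [
    ("mdm-core-01.example.internal", "Core", "10.6.0.0"),
    ("mdm-conn-01.example.internal", "Connector", "10.4.0.4"),
    ("mdm-sentry-01.example.internal", "Sentry", "9.7"),
    ("mdm-rdb-01.example.internal", "RDB", "2.0.0.2"),
    ("mdm-core-02.example.internal", "Core", "10.6.0.0-12"),
]

if __name__ == "__main__":
    for host, comp, ver, status in audit(SAMPLE_INVENTORY):
        print(f"{host:34} {comp:10} {ver:12} {status}")
```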